Data processing system, data processing method, and program

ABSTRACT

A log output device and a program are provided which append a signature to a log, prevent undetectable tampering (alteration, insertion, deletion, etc.), and can narrow down the tampered position if tampering occurs. The log output device forms a log record including a data part and a hash part, and outputs it to a disk; the hash part is formed by combining a hash of the data part (data hash) and a hash of the hash part of the previous record (link hash); a signature is appended to only some of the records of a hash chain; when outputting the record to the disk, a copy of the hash part of the record is maintained on a process memory; when outputting the next record, the hash part of the latest record on the disk and the hash part maintained on the process memory are compared; if they match, the record on the disk is determined as not being tampered, and if they mismatch, the record is determined as tampered.

TECHNICAL FIELD

The present invention relates to, for example, a log in a contents distribution system or a company information system, and in particular, to a technique to prevent undetectable tampering (alteration, wrong record insertion, deletion, etc.) and to secure integrity of the log by appending a signature to log data.

BACKGROUND ART

Nowadays, a “log” outputted from equipment or devices belonging to a system has increased in importance in a contents distribution system or a company information system.

For example, in the contents distribution system, it has been carried out or will be carried out that the contents holder verifies whether sales of the contents are done within a licensed range (permitted sales amount, sales price, etc.) permitted for the contents provider (distributor) by the contents holder, based on a log of the contents distribution system deployed and developed by the contents provider.

Further, it has been carried out or will be carried out that a studio verifies whether a movie is screened within a range (permitted screening period, screening times) permitted by the studio which supplies a digital movie to a movie theater, based on a log of a movie theater system.

On the other hand, in the company information system, the log has been used, when a security issue occurs such as information compromise of a customer list or company secret, for seeking the cause of the issue by analyzing logs collected from the system and stored, and for a purpose such as inspection to show objectively that the information system is properly operated.

Like this, since the log has been playing an important role in all systems nowadays, tampering of log data is a large threat for employing the system, and it has been an important problem to secure the integrity (to certify that it is not tampered) of the log.

Under this background, two main approaches are proposed to secure the integrity of the log:

1. to prevent the tampering itself of the log
2. when the log is tampered, to be able to certainly detect the tampering

Of these, the main object of the invention explained in this specification is the above 2. Further, conventional art having the same object will be explained in the following.

For example, the Patent Document 1 discloses a data storage processing method for storing data by appending a hash/signature for each piece of data generated time-sequentially such as an access log. At that time, a hash chain is configured by obtaining a hash from data composed of the corresponding data and the previous data and appending a signature to the hash.

However, according to this prior art, the signature is appended to each of all the records. Since the signature process (secret key operation) requires a large quantity of calculation (approximately 100-1000 times that of hash calculation), the processing load becomes very high under circumstances in which records are frequently generated, which causes a problem that this prior art is not practical. Further, since the signature is appended to each record, there is another problem that the whole size of data becomes large (if an RSA (registered trademark) (Rivest Shamir Adleman) 2048-bit key is used for the signature, the data size is increased by 256 bytes per record; namely, about 342 bytes if Base 64 transformation is carried out).

On the other hand, the Non-Patent Document 1 also discloses/suggests a configuration using a hash chain for appending the signature to the log. This prior art discloses a configuration drawing in which the signature is appended to only the last hash of the hash chain. Although it refers to the possibility of reducing the signature load or the log size, no concrete implementing method is shown as to at what timing to append the signature to the log data, which dynamically changes, and how to protect data, which is not protected by the signature, from undetectable tampering. Thus, it is not possible to concretely obtain the advantage of the idea.

Further, the Patent Document 2 discloses an idea for detecting tampering of data by dividing signature target data, which is not a log, calculating respective hashes, forming a hierarchical structure of them, and appending a signature to the hash of the uppermost level.

However, according to this prior art, the signature is appended only at the final stage after some amount of logs are accumulated, so that there is a problem that it is impossible to find a tampering if the data is tampered before the logs are accumulated to reach that amount (because of the character of data such as a log, it is necessary to always append a signature instead of appending only at the final stage).

Patent Document 1: JP2003-143139

Patent Document 2: JP2001-519930

Non-patent Document 1: Digital Cinema System Specification V1.0, p. 116-117, Jul. 20, 2005, Digital Cinema Initiatives, LLC, http://www.dcimovies.com/

DISCLOSURE OF THE INVENTION

Problems to be Solved by the Invention

A main object of the present invention is to solve the above problems, and further another main object is to obtain a data processing system, a data processing method, and its program having a function, when data is tampered, to not only detect tampering but also narrow down the tampered position as far as possible.

Means to Solve the Problems

According to the present invention, a data processing system using a first memory device and a second memory device, appending a hash value to data which is sequentially outputted, and storing the data to which the hash value is appended in the second memory device, the data processing system includes:

- a hash value copying and storing unit, at each time of storing the data in the second memory device, for copying a first hash value and a second hash value which are appended to storage data to be stored in the second memory device, the first hash value being generated from the storage data, the second hash value being generated from a hash value of data which has been stored prior to the storage data, and storing a copy of the first hash value and the second hash value in the first memory device;
- a hash value comparing unit, when new data is outputted, for comparing a last first hash value and a last second hash value appended to last data stored last in the second memory unit with a copy of the last first hash value and the last second hash value stored in the first memory device;
- a hash value generating unit, when the hash value comparing unit determines that the last first hash value and the last second hash value and the copy of the last first hash value and the last second hash value are matched, for generating a new first hash value from the new data, and generating a new second hash value from the last first hash value and the last second hash value; and
- a data storing unit for appending the new first hash value and the new second hash value generated by the hash value generating unit to the new data, and storing the new data to which the new first hash value and the new second hash value are appended in the second memory device.

The hash value generating unit, when the hash value comparing unit determines that the last first hash value and the last second hash value and the copy of the last first hash value and the last second hash value are mismatched, generates the new first hash value from the new data, and generates the new second hash value from a value other than the last first hash value and the last second hash value.

The data processing system further includes:

- a tampering detecting report generating unit, when the hash value comparing unit determines that the last first hash value and the last second hash value and the copy of the last first hash value and the last second hash value are mismatched, for generating a tampering detecting report to notify of a tampering in the last data.

The hash value copying and storing unit stores the copy of the first hash value and the second hash value in a tamper proof device as the first memory device.

The data processing system further includes:

- a signature generating unit for generating a signature for a specific piece of data among a plurality of pieces of data, and appending the generated signature to only the specific piece of data.

The signature generating unit generates the signature at every certain interval of data.

The signature generating unit generates the signature at every certain interval of time.

The signature generating unit generates the signature based on an instruction from an application program which uses the data processing system.

The signature generating unit generates the signature when a transfer request of data stored in the second memory device is issued from outside of the data processing system.

The signature generating unit generates the signature based on an instruction from a user who uses the data processing system.

The signature generating unit generates the signature when an IDS (Intrusion Detection System)/IPS (Intrusion Prevention System) of the data processing system detects unauthorized intrusion.

The signature generating unit generates the signature for data outputted last, when the data processing system finishes operation.

The data processing system further includes:

- a data checking unit, when the data processing system starts, for checking data stored in the second memory device, and if there exists data stored after last data to which a signature is appended, generating an alert to notify of existence of the data stored after the last data to which the signature is appended.

The hash value generating unit generates upper level hash values from a plurality of first hash values, generates further upper level hash values from a plurality of upper level hash values, and generates upper level hash values over a plurality of hierarchies.

The data processing system further includes:

- a signature generating unit for generating a signature using a hash value of an uppermost level among upper level hash values generated by the hash value generating unit.

According to the present invention, a data processing method using a first memory device and a second memory device, appending a hash value to data which is sequentially outputted, and storing the data to which the hash value is appended in the second memory device, the method includes:

- at each time of storing the data in the second memory device, copying a first hash value and a second hash value which are appended to storage data to be stored in the second memory device, the first hash value being generated from the storage data, the second hash value being generated from a hash value of data which has been stored prior to the storage data, and storing a copy of the first hash value and the second hash value in the first memory device;
- when new data is outputted, comparing a last first hash value and a last second hash value appended to last data stored last in the second memory unit with a copy of the last first hash value and the last second hash value stored in the first memory device;
- when it is determined that the last first hash value and the last second hash value and the copy of the last first hash value and the last second hash value are matched, generating a new first hash value from the new data, and generating a new second hash value from the last first hash value and the last second hash value; and
- appending the new first hash value and the new second hash value generated to the new data, and storing the new data to which the new first hash value and the new second hash value are appended in the second memory device.

According to the present invention, a program for making a computer having a first memory device and a second memory device append a hash value to data which is sequentially outputted, and store the data to which the hash value is appended in the second memory device, the program makes the computer execute:

- a hash value copying and storing process, at each time of storing the data in the second memory device, for copying a first hash value and a second hash value which are appended to storage data to be stored in the second memory device, the first hash value being generated from the storage data, the second hash value being generated from a hash value of data which has been stored prior to the storage data, and storing a copy of the first hash value and the second hash value in the first memory device;
- a hash value comparing process, when new data is outputted, for comparing a last first hash value and a last second hash value appended to last data stored last in the second memory unit with a copy of the last first hash value and the last second hash value stored in the first memory device;
- a hash value generating process, when the hash value comparing process determines that the last first hash value and the last second hash value and the copy of the last first hash value and the last second hash value are matched, for generating a new first hash value from the new data, and generating a new second hash value from the last first hash value and the last second hash value; and
- a data storing process for appending the new first hash value and the new second hash value generated by the hash value generating process to the new data, and storing the new data to which the new first hash value and the new second hash value are appended in the second memory device.

Effect of the Invention

As discussed above, according to the present invention, by storing in the first memory device a copy of the first hash value and the second hash value of storage data to be stored in the second memory device, and when new data is outputted, by comparing the last first hash value and the last second hash value stored in the second memory device with the copy of the last first hash value and the last second hash value stored in the first memory device, it is possible to detect tampering, so that it becomes unnecessary to append a signature to all data to be stored in the second memory device, which reduces the load of signature process and prevents increase of data amount because of the signatures.

Further, in addition to solving the problems of the conventional art, the present invention brings the effect of having a function to prevent undetectable tampering, and when tampered, to narrow down a possibly tampered position as far as possible.

PREFERRED EMBODIMENTS FOR CARRYING OUT THE INVENTION

Embodiment 1 (Basic Configurations of a Log Output Device and a Log Output Program and Signature Appendage at Every Certain Number of Lines Interval and at Every Certain Time Interval)

(Format of a Log and Formation of a Hash Chain)

FIG. 1 is a block diagram showing a format of a log for a log output device according to the first embodiment.

A disk 1 records/stores a log.

A record 10 (or simply record, hereinafter) is formed by a data part 11 and a hash part 12. Here the data part 11 is a log message body.

Further, the hash part 12 is formed by a data hash (DH) 13 which is a hash value of the data part 11, and a link hash (LH) 14 which is a further hash value of the hash part 12 of the previous record 10 (here, for the initial record, it is assumed that the hash of the data hash is the link hash).

The data hash (DH) 13 is an example of the first hash value, and the link hash (LH) 14 is an example of the second hash value.

A signed record 20 is a record formed by calculating a signature of the hash part 12 of the record 10 and appending the signature after the hash part 12 as a signature (SIG) 15.

A signature block 1 (2) and a signature block 2 (3) are groups of records connected with a group of links of the link hash (LH) 14 (hash chain) from the initial record to the signed record 20. The final block N (4) shows unsigned status, to which a signature has not yet been appended.

Further, the hash chain is connected among blocks. In FIG. 1, the link hash (LH) 14 of the initial record of the signature block 2 (3) is concatenated to the hash part 12 of the final record.

If the log generated as above is transferred to another system, by sending the log in a state in which the signature is appended to the latest record, so that the integrity (not being tampered) can be verified at the transfer destination, it is possible to send a plurality of signature blocks at once.

By forming the log as discussed above, the part which is given a signature is the hash part 12 of the final record, which brings an advantage that it is unnecessary to read the whole log so as to calculate a hash when appending the signature.

(Configuration Example of the Log Output Device)

FIG. 2 is a block diagram showing a configuration example of the log output device according to the first embodiment of the present invention.

It is assumed that the log output device 100 is a general computer including a CPU (Central Processing Unit), a memory, a disk, an inputting device such as a keyboard/mouse, and an outputting device such as a display.

The log output device 100 includes a log output processing unit 101. The log output processing unit 101 is an example of a data processing system. The log output processing unit 101 can be implemented by, for example, a log outputting resident program which is resident in a memory.

The log output processing unit 101 receives a log outputted by various application programs 111 (or simply applications, hereinafter) via a log output library 110 to which each application program links, for example, through interprocess communication, and outputs the log with a signature to a disk 112.

Further, the log output device 100 includes a latest hash memory unit 102. The latest hash memory unit 102 can be implemented by, for example, allocating a memory area for storing the latest hash value on a process memory.

The latest hash memory unit 102 is formed to maintain a copy of the hash part 12 (both of the data hash (DH) 13 and the link hash (LH) 14) of the latest record outputted to the disk 112 as the log.

The latest hash memory unit 102 (a process memory) is an example of the first memory device, and the disk 112 is an example of the second memory device.

Further, the log output device 100 includes a signature requesting unit 103. The signature requesting unit 103 receives a signature request from outside or inside of the log output device 100, and outputs the signature request to a signature generating unit 1013 (discussed later) inside of the log output processing unit 101, and then the signature is appended to the latest record of the log on the disk 112.

The signature requesting unit 103, concretely, can be implemented by a mechanism such as a signal handler in a UNIX (registered trademark) program, and it can also be implemented by an explicit signature request from the log output library 110, or by maintaining a timer to give a timing for generating a signature by itself, etc.

The log output device 100 holds its own key pair for public key cryptography, whose secret key and public key are respectively maintained in a secret key maintaining unit 104 and a public key maintaining unit 105. Further, a tamper proof device 106 can be included optionally; in such a case, the log output device 100 can be formed to include the latest hash memory unit 102 and the secret key maintaining unit 104 in the tamper proof device 106.

Next, FIG. 3 explains an internal configuration example of the log output processing unit 101 (the data processing system).

Each time a record is stored in the disk 112 (the second memory device), a hash value copying and storing unit 1015 copies the data hash (DH) 13 (the first hash value), which is generated from the data part 11 of the corresponding record and appended to the record to be stored, and the link hash (LH) 14 (the second hash value), which is generated from the hash part 12 which has been stored prior to the corresponding record, and stores the copy of the data hash (DH) 13 and the link hash (LH) 14 in the latest hash memory unit 102 (the first memory device).

When new data (the data part 11) is outputted, a hash value comparing unit 1011 compares the last hash part 12 (the data hash (DH) 13 and the link hash (LH) 14) appended to the data stored last in the disk 112 with the copy of the last hash part 12 stored in the latest hash memory unit 102.

If the hash value comparing unit 1011 determines that the last hash part 12 and the copy of the last hash part 12 are matched, a hash value generating unit 1012 generates a new data hash (DH) 13 from new data (the data part 11) and also generates a new link hash (LH) 14 from the last hash part 12.

Based on the signature request from the signature requesting unit 103, the signature generating unit 1013 generates a signature for a specific piece of data (the last data) among plural pieces of data and appends the generated signature to the specific data. The signature generating unit 1013 can generate a signature, for example, at every certain data interval or can generate a signature at every certain time interval.

A data storing unit 1014 appends the new data hash (DH) 13 and the new link hash (LH) 14 generated by the hash value generating unit 1012 to the new data (the data part 11) as the hash part 12, and stores the record 10 in the disk 112 (the second memory device) after the data hash (DH) 13 and the link hash (LH) 14 are appended.

Further, if the signature is generated by the signature generating unit 1013, the data storing unit 1014 stores the signed record 20 to which the signature is appended in the disk 112.

A tampering detecting report generating unit 1016 generates a tampering detecting report to notify of tampering at the last data if the hash value comparing unit 1011 determines that the last hash part 12 and the copy of the last hash part 12 are mismatched.

Here, when the hash value comparing unit 1011 determines that the last hash part 12 and the copy of the last hash part 12 are mismatched, in addition to the generation of the tampering detecting report by the tampering detecting report generating unit 1016, the hash value generating unit 1012 can generate a new data hash (DH) 13 from new data, and also generate a new link hash (LH) 14 from a value other than the last hash part 12. In this case, the new data is not to be linked to the last data which has been tampered.

(Hardware Configuration Example of the Log Output Device)

Next, a hardware configuration example of the log output device 100 including the log output processing unit 101 will be explained.

As has been discussed, the log output device 100 can be formed by a general computer; it can be formed by, for example, a hardware configuration shown in FIG. 10.

Here, the configuration of FIG. 10 merely shows an example of the hardware configuration of the log output device 100; the hardware configuration of the log output device 100 is not limited to the configuration shown in FIG. 10, but can be another configuration.

In FIG. 10, the log output device 100 includes a CPU 911 (Central Processing Unit; also called a central processing device, a processing device, an operation device, a micro processor, a micro computer, or a processor) which executes programs.

The CPU 911 is connected via a bus 912 to, for example, a ROM (Read Only Memory) 913, a RAM (Random Access Memory) 914, a communication board 915, a display unit 901, a keyboard 902, a mouse 903, a magnetic disk drive 920, and controls these hardware devices.

Further, the CPU 911 can be connected to an FDD 904 (Flexible Disk Drive), a compact disk drive 905 (CDD), a printer device 906, or a scanner device 907. Or the magnetic disk drive 920 can be replaced with a memory device such as an optical disk drive, a memory card reading/writing device, etc.

The RAM 914 is an example of a volatile memory. Storage media of the ROM 913, the CDD 905, and the magnetic disk drive 920 are examples of nonvolatile memories. These are examples of a memory device or a memory unit.

The communication board 915, the keyboard 902, the scanner device 907, the FDD 904, etc. are examples of an inputting unit or an inputting device.

Further, the communication board 915, the display unit 901, the printer device 906, etc. are examples of an outputting unit or an outputting device.

The communication board 915 can be connected via network to a log collection/management system which is a destination of transferring logs. For example, the communication board 915 can be connected to a LAN (local area network), the Internet, a WAN (wide area network), etc.

The magnetic disk drive 920 stores an operating system 921 (OS), a window system 922, a group of programs 923, and a group of files 924. Programs of the group of programs 923 are executed by the CPU 911, the operating system 921, and the window system 922.

Further, the magnetic disk drive 920 can store the log with signature shown in FIGS. 1 and 2.

The group of programs 923 stores programs for executing functions that will be explained in the present and following embodiments as the log output processing unit 101 and its internal configuration. The programs are read and executed by the CPU 911.

The group of files 924 stores information, data, signal values, variable values, or parameters showing a result of processing which will be discussed in the following explanation as “determination of --”, “calculation of --”, “comparison of --”, “evaluation of --”, “generation of --”, etc. as each item of “-- file” or “-- database”. “-- file” or “-- database” are stored in the recording medium such as disks or memories. The information, data, signal values, variable values, or parameters stored in the storage medium such as disks or memories are read by the CPU 911 via a reading/writing circuit to a main memory or a cache memory, and used for the operation of the CPU such as extraction, retrieval, reference, comparison, operation, calculation, processing, compilation, output, printing, displaying, etc. During the operation of the CPU of extraction, retrieval, reference, comparison, operation, calculation, processing, compilation, output, printing, displaying, the information, data, signal values, variable values, or parameters are temporarily stored in the main memory, the register, the cache memory, the buffer memory, etc.

Further, an arrow part of the flowcharts which will be explained in the following mainly shows an input/output of data or signals, and the data or the signal values are recorded in the recording medium such as a memory of the RAM 914, a flexible disk of the FDD 904, a compact disk of the CDD 905, a magnetic disk of the magnetic disk drive 920, and others like an optical disk, a mini-disk, a DVD, etc. Further, the data or signals are transmitted on-line by the transmission medium such as the bus 912, a signal line, a cable, etc.

Further, the log output processing unit 101 and its internal configuration which will be explained in the present and following embodiments can be “-- circuit”, “-- device”, “-- equipment”, “-- means”, and also can be “-- step”, “-- procedure”, “-- process”.

Namely, the log output processing unit 101 and its internal configuration which will be explained can be implemented by firmware stored in the ROM 913. Or it can be implemented only by software, only by hardware such as elements, devices, boards, wiring, etc., or a combination of software and hardware, and further implemented by a combination with firmware. The firmware and software are stored as programs in the recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini-disk, a DVD, etc.

The programs are read by the CPU 911, and executed by the CPU 911. Namely, the programs cause the computer to function as the log output processing unit 101 and its internal configuration which will be discussed in the present and following embodiments. Or they have the computer execute the procedure and the method of the log output processing unit 101 and its internal configuration which will be discussed in the present and following embodiments.

Like this, the log output device 100 described in the present and following embodiments is a computer including the CPU being a processing device, the memory, the magnetic disk, etc. being a memory device, the keyboard, the mouse, the communication board, etc. being an inputting device, the display unit, the communication board, etc. being an outputting device, and as discussed above, functions shown as the log output processing unit 101 and its internal configuration are implemented by the processing device, the memory device, the inputting device, and the outputting device.

(Operation at the Time of Outputting a Log)

In the following, the operation at the time of outputting a log will be explained.

FIG. 5 is a flowchart showing an example of the operation (the data processing method) of the log output processing unit 101 at that time.

When the log output process starts, at step ST301, the hash value comparing unit 1011 of the log output processing unit 101 first reads the hash part 12 of the latest record of the disk 112, namely, the last hash part 12 appended to the data stored last in the disk 112.

Next, at step ST302, the hash value comparing unit 1011 compares it with the copy of the last hash part 12 maintained on the latest hash memory unit 102 (the process memory).

At step ST303, if they are mismatched, the hash value comparing unit 1011 determines that the log on the disk is tampered; the tampering detecting report generating unit 1016 generates a tampering detecting report at step ST312, the data storing unit 1014 outputs the tampering detecting report to the disk 112, and the log output process terminates.

On the other hand, at step ST303, if the last hash part 12 and its copy are matched, the hash value generating unit 1012 calculates a data hash (DH) 13 from the data part 11 of the corresponding data at step ST304.

Next, at step ST305, the hash value generating unit 1012 calculates a link hash (LH) 14 from the copy of the last hash part 12 maintained on the latest hash memory unit 102 (the process memory), and at step ST306, the data hash and the link hash are combined to generate the hash part 12.

Then, at step ST307, the data storing unit 1014 generates the record 10 by combining the data part 11 and the hash part 12.

Here, at step ST308, the signature generating unit 1013 determines whether a signature request from the signature requesting unit 103 exists or not. If the signature request exists, the signature generating unit 1013 further calculates a signature 15 of the hash part 12 at step ST309 and appends the signature 15 to the record 10; if no signature request exists, it does nothing.

The record generated as above is outputted by the data storing unit 1014 to the disk 112 at step ST310; then, at step ST311, the hash value copying and storing unit 1015 generates a copy of the hash part 12 generated at steps ST304-306, and that copy is maintained on the latest hash memory unit 102 (the process memory).

With the above, the log output process terminates.

By operating as discussed above, it is possible to form a hash chain inthe log outputted on the disk.

Further, if a block without protection by a signature is tampered, thetamper cannot be detected; however, as has been discussed above, bymaintaining the hash part 12 (DH and LH combined) of the last record onthe process memory, and making a comparison everytime writing the recordon the disk, it is possible to detect tampering of the block withoutprotection by the signature.

Further, by configuring to maintain on the tamper proof device 106 thecopy of the hash part 12 maintained on the process memory, it ispossible to prevent undetectable tampering with a higher precision.Namely, it is possible to prevent the hash part 12 of the last record onthe disk and the hash maintained on the process memory from beingsimultaneously tampered.

Further, as shown in FIG. 7, if they are mismatched at step ST303, thetampering detecting report generating unit 1016 generates a tamperingdetecting report (step ST312), after the data storing unit 1014 outputsthe tampering detecting report to the disk 112 (ST313), the hash valuegenerating unit 1012 generates the data hash (DH) 13 from the data part11 of the log output data (step ST314), and the hash value generatingunit 1012 generates the link hash (LH) 14 from the data hash (DH) 13(step ST315). By operating as above, new data can be separated from thetampered last data, so that a new hash chain can be formed from this newdata.

Further, advantages of the configuration of the present embodiment will be explained by referring to the patent document 1.

In both of an idea discussed in the present embodiment and an idea of the patent document 1, the log on the disk can be divided into the data part 11 and the hash part 12; both of which can be a target to be tampered. Therefore, although both ideas provide a configuration to have a copy of the hash part 12 on a memory, according to the patent document 1, only a part corresponding to the data hash (DH) 13 in the configuration of the present embodiment is maintained on the memory, but a part corresponding to the link hash (LH) 14 is not maintained on the memory.

Instead, according to the patent document 1, by appending signatures to the records on the disk, undetectable tampering, which may be possibly done on the link hash part, is prevented. As long as such a configuration is kept, the signature must be appended to every record on the disk, which always causes a problem of signature processing load that has been explained at the beginning of this specification.

On the other hand, since the present embodiment is configured to maintain also the link hash (LH) 14 on the memory, it is unnecessary to rely on the signatures of all records on the disk for preventing undetectable tampering, which successfully generates a large effect that the signature can be partially done.

Like this, according to the present embodiment, the existence of tampering of the link hash is checked, and if no tampering exists on the link hash, it is possible to confirm the hash chain is correct.

(Operation at the Time of Appending Signatures)

Next, the operation at the time of appending signatures (the operation in case of appending a signature independently from the log output process) will be discussed.

FIG. 6 is a flowchart showing an operation example of the log output processing unit 101 at that time.

On starting the signature process, first at step ST401, the hash value comparing unit 1011 reads the latest record on the disk. Next, at step ST402, it is determined whether the read latest record has been signed or not, and if already signed, the process terminates, since the signature process is unnecessary.

If not signed, at step ST403, the hash value comparing unit 1011 compares the hash part 12 of the read record with the hash part 12 of the latest record maintained on the process memory.

At step ST404, if they are mismatched, the hash value comparing unit 1011 determines that the log record on the disk is tampered, and at step ST407, the tampering detecting report generating unit 1016 generates a tampering detecting report, the data storing unit 1014 outputs the tampering detecting report to the disk, and the signature process terminates.

At step ST404, if they are matched, at step ST405, the signature generating unit 1013 calculates a signature of the hash part 12.

Next, at step ST406, the signature generating unit 1013 appends the signature to the latest record on the disk, and the signature process terminates.

By the above configuration, it is possible to append a signature at an arbitrary timing when the log output processing unit 101 receives the signature request other than the timing for outputting the log to the disk.

(Signature Appendage at a Certain Number of Lines Interval)

Based on the configuration/operation discussed above, the signature generating unit 1013 of the log output processing unit 101 can append a signature to the log at a certain number of lines interval (a certain data interval).

Here, this can be implemented by the following: a number-of-record-outputs counter, not illustrated, is provided inside of the log output processing unit 101, when reaching a certain number of times, the counter itself outputs the signature request to the signature generating unit 1013, and the signature is appended to the record written on the disk. A predetermined number of lines interval is specified in a setting file, also not illustrated, and it is possible to configure the log output processing unit 101 so as to read the number at the time of starting.

By the above configuration, it is possible to reduce the processing load and the log size caused by the signature of the log, and further to output the log without undetectable tampering.

(Signature Appendage at a Certain Time Interval)

Based on the configuration/operation discussed above, the signature generating unit 1013 of the log output processing unit 101 can append a signature to the log at a certain time interval.

This can be implemented by the following: a timer, not illustrated, is provided inside of the log output processing unit 101, when a certain time period has passed after the previous signature is done, the timer itself outputs the signature request to the signature generating unit 1013, and the signature is appended to the latest record on the disk. A certain time interval is specified in a setting file, also not illustrated, and it is possible to configure the log output processing unit 101 so as to read the interval at the time of starting.

By the above configuration, it is possible to reduce the processing load and the log size caused by the signature of the log, and further to output the log without undetectable tampering.

(Integrity Verification of the Log (at Normal Operation))

FIG. 4 is a flowchart showing verification process of the log outputted in the format explained in FIG. 1 by log verifying means (a log verifying program mounted on a log collection/management system of a transferred destination of the log).

When the verification process starts, at step ST201, the latest record of the log (the last record of the log) is read.

At step ST202, it is determined if the last record is the signed record or not (normally, the latest record is the signed record when the log is verified), and if it is the signed record, the process proceeds to step ST206. The process will be discussed later when it is not the signed record.

At step ST206, the signature is decrypted using a public key of the log output device, and at step ST207, the decrypted signature is compared with the hash part 12 of the record.

If they are matched at step ST208, the process proceeds to step ST212. The process will be discussed later when they are mismatched.

In order to verify the data part 11, at step ST212, a hash of the data part 11 is calculated and it is compared with the data hash (DH) 13 of the hash part 12. If they are matched at step ST213, the process proceeds to ST215. The process will be discussed later when they are mismatched.

At step ST215, the previous record is read in order to verify a link to the previous record.

If no previous record exists at step ST216, the verification process terminates.

If the previous record exists at step ST216, the record which is currently read is set as an object of verification at step ST217, a hash of the hash part 12 of the verification object record is calculated, and the hash is compared with the link hash (LH) 14 of the hash part 12 of the previous verification object record. At step ST218, the match is confirmed again.

By repeating the above processes until it is determined that there is no record at step ST216, the verification of log can be performed.

(Integrity Verification of the Log (in Case the Latest Record is Not a Signed Record))

If it is determined that the latest record is not a signed record at step ST202, at step ST219, that record is determined to be untrustworthy.

Next, in order to search the latest signed record, the subsequent (the previous) record is read at step ST203.

At step ST204, the existence/absence of the record is checked, and if the record exists, the process returns back to step ST202 again to determine if it is the signed record or not. By repeating the above process, the latest signed record is searched.

During the process, if it is determined that no signed record exists at ST204, the log is determined to be unverifiable at step ST205, and the verification process terminates.

(Integrity Verification of the Log (In Case the Hash Part is Tampered))

At step ST208, if the hash part 12 is not matched with the decrypted signature or the link hash (LH) 14 of the previous verification object record, at step ST209, it is determined that all the records older than and including the verification object record within the corresponding signature block are untrustworthy, and at step ST210, the log is searched up to next signature (block).

If it is determined that the signed record exists at step ST211, the verification process is continued again from that record at step ST206. If it is determined that no signed record exists, the verification process terminates.

(Integrity Verification of the Log (In Case the Data Part is Tampered))

At step ST213, if the hash of the data part 11 and the data hash (DH) 13 are mismatched, it is determined that the data part 11 of the corresponding record is tampered at step ST214, then the process returns to step ST215, and the verification process is continued again from the previous record.
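The log output process of FIG. 5 and FIG. 7 and the verification walk of FIG. 4 can be exercised together in the following added Python example, which is not code from the patent. It assumes SHA-256 as the hash, uses HMAC with a constructed key as a stand-in for the device's public-key signature, models the disk 112 as a list, writes the tampering detecting report as a marker record, and the names `LogWriter`, `verify` and `demo` are hypothetical.

```python
import hashlib
import hmac

# Assumption: an HMAC with a constructed key stands in for the device's
# private-key signature 15; a real device would use an asymmetric signature.
KEY = b"constructed-demo-key"


def h(b: bytes) -> str:
    return hashlib.sha256(b).hexdigest()


def hash_part(rec: dict) -> bytes:
    """Hash part 12 = data hash (DH) combined with link hash (LH)."""
    return (rec["dh"] + rec["lh"]).encode()


def sign(rec: dict) -> str:
    return hmac.new(KEY, hash_part(rec), hashlib.sha256).hexdigest()


class LogWriter:
    def __init__(self, disk: list, sign_every: int):
        self.disk = disk              # list of dicts, stands in for disk 112
        self.latest = None            # copy of last hash part (memory unit 102)
        self.sign_every = sign_every  # line-count signature interval
        self.unsigned = 0

    def append(self, data: str, sign_request: bool = False) -> bool:
        """Write one record; return False if tampering was detected first."""
        intact = True
        if self.latest is not None:
            last = self.disk[-1] if self.disk else None              # ST301
            on_disk = hash_part(last) if last and "dh" in last else None
            if on_disk != self.latest:                               # ST302-ST303
                self.disk.append({"report": "tampering detected"})   # ST312-ST313
                intact = False
        dh = h(data.encode())                                        # ST304 / ST314
        if self.latest is not None and intact:
            lh = h(self.latest)                                      # ST305
        else:
            lh = h(dh.encode())   # no usable previous record: new chain (ST315)
        rec = {"data": data, "dh": dh, "lh": lh}                     # ST306-ST307
        self.unsigned += 1
        if sign_request or self.unsigned >= self.sign_every:         # ST308-ST309
            rec["sig"] = sign(rec)
            self.unsigned = 0
        self.disk.append(rec)                                        # ST310
        self.latest = hash_part(rec)                                 # ST311
        return intact


def verify(disk: list) -> list:
    """Walk the log from newest to oldest as in FIG. 4; one status per record."""
    status = ["untrusted"] * len(disk)     # default of ST219 / ST209
    anchored = False                       # is this record's hash part vouched for?
    for i in range(len(disk) - 1, -1, -1):
        rec = disk[i]
        if "dh" not in rec:                # tampering report: chain was restarted
            status[i], anchored = "report", False
            continue
        if not anchored:                   # ST202-ST204 / ST210-ST211: find a signature
            if not ("sig" in rec and hmac.compare_digest(rec["sig"], sign(rec))):
                continue                   # unsigned, or ST206-ST208 failed
        # ST212-ST214: the hash part is trusted, so check the data part against DH
        ok = h(rec["data"].encode()) == rec["dh"]
        status[i] = "ok" if ok else "data_tampered"
        # ST215-ST218: does this record's LH match the previous record's hash part?
        prev = disk[i - 1] if i > 0 else None
        anchored = bool(prev) and "dh" in prev and h(hash_part(prev)) == rec["lh"]
    return status


def demo() -> list:
    disk = []
    w = LogWriter(disk, sign_every=3)
    for msg in ["login alice", "play movie-17", "logout alice", "login bob"]:
        w.append(msg)                      # constructed sample log lines
    # Constructed tampering of the unsigned tail, with DH recomputed to match.
    disk[3]["data"] = "login mallory"
    disk[3]["dh"] = h(b"login mallory")
    w.append("play movie-18", sign_request=True)
    return verify(disk)
```

In `demo()`, the rewritten fourth record carries a self-consistent data hash, so only the in-memory copy of the hash part exposes it at the next write; the verifier then reports it as untrusted because no signature or link vouches for it.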

Hereinbefore, in the present embodiment, the log output device has been explained, which forms, for data which is outputted along the time axis such as a log, a record including a data part corresponding to the data (message) body and a hash part to be newly appended and outputs to the disk.

Then, it has been explained that in the log output device, the hash part is formed by a hash of the data part (hereinafter, called as data hash “DH”) and a hash of the hash part of the previous record (hereinafter, called as link hash “LH”) (if no previous data exists, a hash of DH is LH), and a hash chain including a link of the hash part is formed.

Further, it has been explained that the log output device appends the signature only to a part of the records of the hash chain.

Further, it has been explained that the log output device, at timing when data is outputted, forms a record by calculating DH and LH of the corresponding data and generating a hash part, outputs it to the disk, and as well maintains a copy of the hash part generated (including both DH and LH) on the process memory.

Further, it has been explained that the log output device, when next data is outputted, compares the hash part of the latest record on the disk with the hash part maintained on the process memory, if they are matched, it is determined that the record on the disk is not tampered, further the record linked by the hash chain is outputted on the disk, if they are mismatched, it is determined that the record on the disk is tampered, detection of the tampering is recorded on the record, the next data is not linked to the previous record, and a new record is generated on the premise that there is no previous record.

Further, according to the present embodiment, the log output device has been explained, which maintains a copy of the hash part not on the process memory, but inside of a tamper proof device mounted on an equipment in which the program is operated.

Further, in the present embodiment, the log output device has been explained, which appends a signature to the hash part of the latest record on the disk at every certain number of lines interval of log record outputs.

Further, in the present embodiment, the log output device has been explained, which appends a signature to the hash part of the latest record on the disk at every certain time interval.

Embodiment 2

(Signature Appendage Based on Application Instruction and Log Transfer Request from the Outside)

In the present embodiment, another embodiment will be discussed, in which timing for appending a signature to the log on the disk is at the time of instruction by the application 111 and at the time of log transfer request from the outside.

Here, configurations of the log output device, the log output processing unit 101, log format, etc. are the same as ones discussed in the first embodiment, and description is omitted in the present embodiment.

(Signature Appendage by Application Instruction)

Based on the configuration/operation explained in the first embodiment, the signature generating unit 1013 of the log output processing unit 101 can append signatures to the log at timing instructed by the application 111.

This can be implemented by configuring the device so that the application 111 requests the linked log output library 110 to output the log, and as well instructs the log output processing unit 101 to append a signature after the output at the same time. The instruction of signature request can be implemented by adding a parameter whose input is existence/absence of the signature request to a log output API (Application Programming Interface) provided by the log output library 110.

By this configuration, if one unit of processing in some business application is logically set as a log to be verified, for example, the application instructs to also append the signature when recording the end of the process in the log, then the signature can be appended to the last record of the logical log to be verified.

(Signature Appendage by Log Transfer Request from the Outside)

Based on the configuration/operation explained in the first embodiment, the signature requesting unit 103 of the log output processing unit 101 can append the signature to the log at timing when a log transfer request is issued from the outside (a log collection/management system, for example).

This can be implemented by configuring the device so that the signature requesting unit 103 receives a log transfer request from the outside log collection/management system, not illustrated.

The signature requesting unit 103 can be configured to receive the log transfer request as a signal.

By this operation, the log collection/management system can confirm the integrity of all the records, since the signature is appended to the last record of the log received from the log output device 100.

In the present embodiment, the log output device has been explained, which appends the signature to the hash part of the latest record on the disk at timing instructed by the application.

Further, in the present embodiment, the log output device has been explained, which appends the signature to the hash part of the latest record on the disk when the log transfer request is issued from the outside.

Embodiment 3 (Signature Appendage Based on Instruction of an Administrator or an Operator)

In this embodiment, another case will be explained, in which it is assumed a signature is appended to a log on a disk when an instruction is done by an administrator or an operator.

Here, the configuration of the log output device, the log output processing unit 101, the log format, etc. are the same as discussed in the first embodiment, and their descriptions will be omitted in this embodiment.

Based on the configuration/operation explained in the first embodiment, the signature requesting unit 103 of the log output processing unit 101 can append the signature to the log at timing when the signature request is issued from the administrator or the operator (a user of the log output device 100).

This can be implemented by configuring the device so that the signature requesting unit 103 receives the signature request from the administrator or the operator.

By this configuration, it is possible to obtain the log of which the integrity is verifiable for all the records at irregular timing when the administrator/operator thinks necessary other than periodical or routine log collection timing.

As discussed above, in the present embodiment, the log output device has been explained, which appends the signature to the hash part of the latest record on the disk at timing instructed by the administrator/operator.

Embodiment 4 (Signature Appendage Based on Timing When IDS/IPS Detects Intrusion)

In the present embodiment, another case will be explained, in which the signature is appended to the log on the disk at timing when an IDS (Intrusion Detection System) or an IPS (Intrusion Prevention System) attached to the log output device 100 detects the intrusion.

Here, the configurations of the log output device, the log output processing unit 101, the log format, etc. are the same as discussed in the first embodiment, and their descriptions will be omitted in this embodiment.

By configuring the device so that the intrusion detection event by the IDS/IPS is received by the signature requesting unit 103 of the log output device, the signature generating unit 1013 can generate the signature when the intrusion detection event occurs.

By this configuration, it is possible to append the signature to the log before the log output device is affected by threat of the security.

Like the above, in the present embodiment, the log output device has been explained, which appends the signature to the latest record on the disk at timing when the IDS (Intrusion Detection System)/the IPS (Intrusion Prevention System) detects the intrusion.

Embodiment 5 (Operation of the Log Output Processing Unit 101 at the Time of Starting/Finishing)

In the present embodiment, another embodiment of the operation will be discussed, which is carried out by the log output processing unit 101 for the log on the disk at the time of starting/finishing.

The log output device 100 related to the present embodiment has an internal configuration, for example, as shown in FIG. 8.

In FIG. 8, although including the same function as shown in the first embodiment, the signature generating unit 1013 generates the signature for the data outputted last when the log output processing unit 101 finishes the operation according to the present embodiment.

Then, when the log output processing unit 101 is started, a data checking unit 1017 checks the data stored in the disk 112, if there exists data stored after the last data to which the signature is appended, the data checking unit 1017 generates an alert to notify that there exists the data stored after the last data to which the signature is appended. This is because it is considered the data stored after the last data to which the signature is appended might have possibly been tampered.

In FIG. 8, elements other than the signature generating unit 1013 and the data checking unit 1017 are the same as shown in FIG. 3.

Further, the log format is the same as described in the first embodiment.

(Operation of the Log Output Processing Unit 101 at the Time of Finishing)

The signature generating unit 1013 of the log output processing unit 101 is configured to append the signature to the latest record on the disk 112 (the record which has been stored in the disk last) at the time of finishing the operation (at the time of finishing the program if the log output processing unit 101 is configured by the program).

In UNIX (registered trademark), it is generally done that a SIGTERM signal is received at the time of finishing the process, so that the above can be concretely implemented by configuring to include this process in a SIGTERM signal handler.

By this configuration, it is possible to eliminate a case in which a record, which is not protected by the signature, remains on the disk.

(Operation of the Log Output Processing Unit 101 at the Time of Starting)

The data checking unit 1017 of the log output processing unit 101 is configured to refer to the latest log record on the disk 112 at the time of starting the log output processing unit 101 (at the time of starting the program if the log output processing unit 101 is configured by the program), and if the signature is not appended, to record an alert that the log record recorded after the last signature is untrustworthy (if no signed record exists in the log, the whole log is untrustworthy).

By this configuration, it is possible to prevent a case in which one trusts the log, which is tampered when no signature is appended.

Like the above, in the present embodiment, the log output device has been explained, which appends the signature to the last log record on the disk at the time of finishing the operation.

Further, in the present embodiment, the log output device has been explained, which records at the time of starting, if the signature is not appended to the last log record on the disk, that the record stored after the last signature is untrustworthy.

Embodiment 6 (Narrowing the Possibly Tampered Position by Combination With a Hash Tree)

In the present embodiment, another form will be discussed, in which if the log on the disk is tampered, the possibly tampered position is narrowed as much as possible.

In the verification method of the log using the hash chain, as shown in the first embodiment or FIG. 4, if the hash part 12 of the record is tampered, the record older than the tampered record should be determined as untrustworthy even if it is not tampered, since the older record cannot be verified.

Therefore, the method can accomplish the first object of preventing the undetectable tampering; however, if the signature record or the hash part 12 of its adjacent record is tampered, the whole or most part of the log sometimes cannot be trusted.

In the present embodiment, a configuration will be explained, in which by linking the record using not only the hash chain but also a linking method called a hash tree, it is possible to narrow a possibly tampered range as much as possible if the log is tampered.

(Configuration of the Hash Tree)

FIG. 9 shows the signature block 2 including a plurality of log records with a hash tree implemented. Although the hash chain is simultaneously formed, only linked structure by the hash tree is shown in the figure, for the purpose of simplicity.

Data hash (DH1) 50 of the first stage is a hash of the data part 11 of each record. Further, data hash (DH2) 51 of the second stage is formed by hashing combined data of a certain number of pieces (three in the figure) of the data hash (DH1) 50 of the first stage.

Similarly, data hash (DH3) 52 of the third stage is formed by hashing combined data of a certain number of pieces (also three in the figure) of the data hash (DH2) 51 of the second stage.

Although FIG. 9 shows only up to the data hash of the third stage, it is needless to say that data hashes of the fourth stage or the fifth stage become necessary as the number of records increases.

Here, when appending the signature, it is configured to append the signature to a combination of a group of data hashes of the uppermost stage. Further, as the lower two records of the records shown in FIG. 9, if an incomplete number of records exist, whose number does not reach the certain number (three in the figure), it is configured so that a data hash of the one-upper stage is generated even if the number of records does not reach the certain number, and when the signature 60 is appended, the signature is appended after a hash covering the incomplete number of records is added, in addition to the group of data hashes of the uppermost stage.

The configuration of the log output device 100 of the present embodiment is the same as one shown in FIG. 2, and the configuration of the log output processing unit 101 is the same as one shown in FIG. 3.

In this embodiment, however, the hash value generating unit 1012 of the log output processing unit 101, as shown in FIG. 9, generates a data hash (DH) of the upper stage (upper level hash values) from a plurality of data hashes (DH) (the first hash value), generates a data hash of the further upper stage (further upper level hash values) from a plurality of data hashes of the upper stage, and generates data hashes (DH) of upper stages over a plurality of hierarchies.

Further, in the present embodiment, the signature generating unit 1013 of the log output processing unit 101 generates the signature using the data hash of the uppermost stage out of the data hashes (DH) of the upper stage generated by the hash value generating unit 1012.

(Verification of the Hash Tree)

Next, the verification of the hash tree generated by the above configuration will be explained.

First, the log collection/management system, which obtains the log from the log output device 100, decrypts the signature using the public key of the log output device 100, and compares with a combination of a group of hashes of the uppermost node. Namely, a combination of a group of data hashes of the uppermost stage and the data hash extracted from the decrypted signature are compared. If they are matched, the data hash of each uppermost node is compared with the hash of a combination of the group of hashes of the one lower stage. This kind of comparison is repeated up to the node of the lowermost stage, and if all are matched, it is possible to verify that the hash part has not been tampered.

Next, a hash of the data part 11 is calculated for each record, and by comparing with the data hash of the first stage, it is possible to detect the existence/absence of the tampering of the data part 11.

Here, if the tampering exists in the hash part, all data in the records hanging downwardly from the tampered node are considered to be untrustworthy.

For example, if the data hash of the third stage placed uppermost in FIG. 9 is correct (if the data hash of the third stage is matched with the data hash extracted from the decrypted signature) and it is not matched with a hash of a combination of the group of its data hashes of the second stage, the subsequent data (9 records from the top in FIG. 9) is considered to be untrustworthy.

(Effect by Combining the Hash Chain and the Hash Tree)

The following will explain the effect obtained from combining the hash chain and the hash tree.

Using only the hash chain, as has been discussed above, there is a problem that if the hash part 12 of the signature record or its adjacent record is tampered, a large part of the records become untrustworthy; in such a case, if the hash part of the hash tree (the hash part of the hash tree is DH1, DH2, and DH3) is not tampered, it is possible to verify all records. In the contrary case (although a part of the hash part of the hash tree is tampered, the hash part of the hash chain (the hash part of the hash chain is DH1 and LH) is not tampered), it is also possible to verify all records.

Further, even if the hash part of the hash tree and the hash part of the hash chain are tampered at the same time, when the tampered position is at the lower stage of the tree, there remains a large verifiable range, which gives the effect that a part which is unverifiable by the hash chain can be made verifiable.
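How the hash tree of FIG. 9 narrows the untrustworthy range can be seen in the following added Python example, which is not code from the patent and covers only the tree, not the hash chain. It assumes SHA-256, a fan-out of three as in the figure, HMAC with a constructed key as a stand-in for the signature 60, and that an incomplete group is hashed into a parent at every stage; the function names are hypothetical.

```python
import hashlib
import hmac

K = 3                              # pieces combined per upper-stage hash, as in FIG. 9
KEY = b"constructed-demo-key"      # assumption: HMAC stands in for the signature 60


def h(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


def build_levels(datas: list) -> list:
    """levels[0] is DH1 per record, levels[1] is DH2, and so on upward."""
    levels = [[h(d) for d in datas]]
    while len(levels[-1]) > K:
        below = levels[-1]
        # An incomplete last group still gets a one-upper-stage hash.
        levels.append([h("".join(below[i:i + K])) for i in range(0, len(below), K)])
    return levels


def sign_top(levels: list) -> str:
    """Signature over the combination of the uppermost-stage hashes."""
    top = "".join(levels[-1]).encode()
    return hmac.new(KEY, top, hashlib.sha256).hexdigest()


def verify_tree(datas: list, levels: list, sig: str) -> dict:
    """Top-down check; returns record indexes that cannot be trusted."""
    n = len(datas)
    if not hmac.compare_digest(sig, sign_top(levels)):
        return {"untrusted": list(range(n)), "data_tampered": []}
    trusted = [True] * len(levels[-1])          # vouched for by the signature
    for lvl in range(len(levels) - 1, 0, -1):
        below = levels[lvl - 1]
        child_trust = [False] * len(below)
        for j, node in enumerate(levels[lvl]):
            kids = range(j * K, min((j + 1) * K, len(below)))
            # A mismatch makes everything hanging below this node untrustworthy.
            ok = trusted[j] and h("".join(below[c] for c in kids)) == node
            for c in kids:
                child_trust[c] = ok
        trusted = child_trust
    untrusted = [i for i in range(n) if not trusted[i]]
    # Only a trusted DH1 can prove or disprove its data part.
    tampered = [i for i in range(n) if trusted[i] and h(datas[i]) != levels[0][i]]
    return {"untrusted": untrusted, "data_tampered": tampered}


def demo() -> dict:
    datas = [f"record {i}" for i in range(11)]   # constructed: 9 records plus 2
    levels = build_levels(datas)
    sig = sign_top(levels)
    forged = [list(stage) for stage in levels]
    forged[0][4] = h("forged")                   # constructed tampering of one DH1
    return verify_tree(datas, forged, sig)
```

With eleven records, a forged first-stage hash for the fifth record leaves only the three records under the same second-stage hash untrusted, whereas a forged second-stage hash under the first third-stage hash takes out the nine records below it, as in the FIG. 9 example.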

As above, in the present embodiment, the log output device has been explained, which outputs the records to the disk with linking the hash parts hierarchically in addition to the hash chain, and appends the signature to the group of hashes of the uppermost node of the tree at timing of the signature.

Here, the log output device 100 and the log output processing unit 101 shown in the first through sixth embodiments are effective for uses which aim at securing the log integrity required at, for example, a contents distribution system or a company information system, with practical processing load and data amount.

Here, although in the foregoing first through sixth embodiments, the log output device has been explained using the log data as an example, the log output device shown in the first through sixth embodiments can be applied to not only the log data but also data which is sequentially outputted.

BRIEF EXPLANATION OF THE DRAWINGS

FIG. 1 is a block diagram showing a format of a log outputted by a log output device according to the first through fifth embodiments.

FIG. 2 is a block diagram showing a configuration example of the log output device according to the first through fifth embodiments.

FIG. 3 is a block diagram showing an internal configuration example of a log output device according to the first through fifth embodiments.

FIG. 4 is a flowchart for verifying the integrity of the log outputted in the format of FIG. 1.

FIG. 5 is a flowchart showing an operation example of the log output processing unit 101 at the time of outputting the log according to the first embodiment.

FIG. 6 is a flowchart showing an operation example of the log output processing unit 101 at the time of appending the signature according to the first embodiment.

FIG. 7 is a flowchart showing an operation example of the log output processing unit 101 at the time of outputting the log according to the first embodiment.

FIG. 8 shows an internal configuration example of a log output processing unit according to the fifth embodiment of the invention.

FIG. 9 shows a format of the log outputted by the log output device according to the sixth embodiment.

FIG. 10 shows a hardware configuration example of the log output device according to the first through sixth embodiments.

EXPLANATION OF SIGNS

100: a log output device, 101: a log output processing unit, 102: a latest hash memory unit, 103: a signature requesting unit, 104: a secret key maintaining unit, 105: a public key maintaining unit, 106: a tamper proof device, 110: a log output library, 111: an application, 1011: a hash value comparing unit, 1012: a hash value generating unit, 1013: a signature generating unit, 1014: a data storing unit, 1015: a hash value copying and storing unit, 1016: a tampering detecting report generating unit, and 1017: a data checking unit.

1. A data processing system using a first memory device and a secondmemory device, appending a hash value to data which is sequentiallyoutputted, and storing the data to which the hash value is appended inthe second memory device, the data processing system comprising: a hashvalue copying and storing unit, at each time of storing the data in thesecond memory device, for copying a first hash value and a second hashvalue which are appended to storage data to be stored in the secondmemory device, the first hash value being generated from the storagedata, the second hash value being generated from a hash value of datawhich has been stored prior to the storage data, and storing a copy ofthe first hash value and the second hash value in the first memorydevice; a hash value comparing unit, when new data is outputted, forcomparing a last first hash value and a last second hash value appendedto last data stored last in the second memory unit with a copy of thelast first hash value and the last second hash value stored in the firstmemory device; a hash value generating unit, when the hash valuecomparing unit determines that the last first hash value and the lastsecond hash value and the copy of the last first hash value and the lastsecond hash value are matched, for generating a new first hash valuefrom the new data, and generating a new second hash value from the lastfirst hash value and the last second hash value; and a data storing unitfor appending the new first hash value and the new second hash valuegenerated by the hash value generating unit to the new data, and storingthe new data to which the new first hash value and the new second hashvalue are appended in the second memory device.
2. The data processing system of claim 1, wherein the hash value generating unit, when the hash value comparing unit determines that the last first hash value and the last second hash value and the copy of the last first hash value and the last second hash value are mismatched, generates the new first hash value from the new data, and generates the new second hash value from a value other than the last first hash value and the last second hash value.
3. The data processing system of claim 1 further comprising: a tampering detecting report generating unit, when the hash value comparing unit determines that the last first hash value and the last second hash value and the copy of the last first hash value and the last second hash value are mismatched, for generating a tampering detecting report to notify of a tampering in the last data.
4. The data processing system of claim 1, wherein the hash value copying and storing unit stores the copy of the first hash value and the second hash value in a tamper proof device as the first memory device.
5. The data processing system of claim 1 further comprising: a signature generating unit for generating a signature for a specific piece of data among a plurality of pieces of data, and appending the signature generated to only the specific piece of data.
6. The data processing system of claim 5, wherein the signature generating unit generates the signature at every certain interval of data.
7. The data processing system of claim 5, wherein the signature generating unit generates the signature at every certain interval of time.
8. The data processing system of claim 5, wherein the signature generating unit generates the signature based on an instruction from an application program which uses the data processing system.
9. The data processing system of claim 5, wherein the signature generating unit generates the signature when a transfer request of data stored in the second memory device is issued from outside of the data processing system.
10. The data processing system of claim 5, wherein the signature generating unit generates the signature based on an instruction from a user who uses the data processing system.
11. The data processing system of claim 5, wherein the signature generating unit generates the signature when an IDS (Intrusion Detection System)/IPS (Intrusion Prevention System) of the data processing system detects unauthorized intrusion.
12. The data processing system of claim 5, wherein the signature generating unit generates the signature for data outputted last, when the data processing system finishes operation.
13. The data processing system of claim 12 further comprising: a data checking unit, when the data processing system starts, for checking data stored in the second memory device, and if there exists data stored after last data to which a signature is appended, generating an alert to notify of existence of the data stored after the last data to which the signature is appended.
14. The data processing system of claim 1, wherein the hash value generating unit generates upper level hash values from a plurality of first hash values, generates further upper level hash values from a plurality of upper level hash values, and generates upper level hash values over a plurality of hierarchies.
15. The data processing system of claim 14 further comprising: a signature generating unit for generating a signature using a hash value of an uppermost level among upper level hash values generated by the hash value generating unit.
16. A data processing method using a first memory device and a second memory device, appending a hash value to data which is sequentially outputted, and storing the data to which the hash value is appended in the second memory device, the method comprising: at each time of storing the data in the second memory device, copying a first hash value and a second hash value which are appended to storage data to be stored in the second memory device, the first hash value being generated from the storage data, the second hash value being generated from a hash value of data which has been stored prior to the storage data, and storing a copy of the first hash value and the second hash value in the first memory device; when new data is outputted, comparing a last first hash value and a last second hash value appended to last data stored last in the second memory unit with a copy of the last first hash value and the last second hash value stored in the first memory device; when it is determined that the last first hash value and the last second hash value and the copy of the last first hash value and the last second hash value are matched, for generating a new first hash value from the new data, and generating a new second hash value from the last first hash value and the last second hash value; and appending the new first hash value and the new second hash value generated to the new data, and storing the new data to which the new first hash value and the new second hash value are appended in the second memory device.
17. A program for making a computer having a first memory device and a second memory device append a hash value to data which is sequentially outputted, and store the data to which the hash value is appended in the second memory device, the program making the computer execute: a hash value copying and storing process, at each time of storing the data in the second memory device, for copying a first hash value and a second hash value which are appended to storage data to be stored in the second memory device, the first hash value being generated from the storage data, the second hash value being generated from a hash value of data which has been stored prior to the storage data, and storing a copy of the first hash value and the second hash value in the first memory device; a hash value comparing process, when new data is outputted, for comparing a last first hash value and a last second hash value appended to last data stored last in the second memory unit with a copy of the last first hash value and the last second hash value stored in the first memory device; a hash value generating process, when the hash value comparing process determines that the last first hash value and the last second hash value and the copy of the last first hash value and the last second hash value are matched, for generating a new first hash value from the new data, and generating a new second hash value from the last first hash value and the last second hash value; and a data storing process for appending the new first hash value and the new second hash value generated by the hash value generating process to the new data, and storing the new data to which the new first hash value and the new second hash value are appended in the second memory device.
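
The append procedure of claims 1 to 3, as an added illustration that is not taken from the patent. SHA-256, the `GENESIS` seed, the `RESTART` value standing in for the "value other than" of claim 2, and all class and function names are assumptions; a Python list stands in for the second memory device.

```python
import hashlib
import hmac

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

class ChainedLog:
    GENESIS = b"\x00" * 32       # assumption: seed for the first link hash
    RESTART = b"chain-restart"   # assumption: the "other value" of claim 2

    def __init__(self):
        self.disk = []       # second memory device: [data, data_hash, link_hash]
        self.copy = None     # first memory device: copy of the last hash part
        self.reports = []    # indexes reported as tampered (claim 3)

    def append(self, data: bytes) -> None:
        data_hash = h(data)                      # first hash value
        if self.copy is None:                    # very first record
            link_hash = h(self.GENESIS)
        else:
            # Hash part of the last record on disk; empty if records were deleted.
            last = self.disk[-1][1:] if self.disk else [b"", b""]
            if hmac.compare_digest(b"".join(last), b"".join(self.copy)):
                link_hash = h(*self.copy)        # second hash value (claim 1)
            else:
                self.reports.append(len(self.disk) - 1)   # report (claim 3)
                link_hash = h(self.RESTART, data_hash)    # new chain (claim 2)
        self.disk.append([data, data_hash, link_hash])
        self.copy = (data_hash, link_hash)       # hash value copying and storing

def first_break(disk):
    """Offline check: index of the first record whose hashes are inconsistent."""
    prev = None
    for i, (data, data_hash, link_hash) in enumerate(disk):
        expected = h(ChainedLog.GENESIS) if prev is None else h(*prev)
        if data_hash != h(data) or link_hash != expected:
            return i
        prev = (data_hash, link_hash)
    return None

def demo():
    log = ChainedLog()
    for line in (b"login alice", b"play movie-1", b"logout alice"):  # constructed
        log.append(line)
    # Constructed tampering: rewrite the last record and recompute its data hash.
    log.disk[-1][0] = b"logout bob"
    log.disk[-1][1] = h(b"logout bob")
    log.append(b"login carol")
    return log.reports, first_break(log.disk)
```

In `demo()` the rewritten last record is internally consistent, so the in-memory copy is what identifies record 2 as tampered; the offline walk only sees the chain restart at record 3.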